TL;DR: Authentication is built to verify people and systems through factors, tokens, or certificates, but agentic AI changes the trust model because runtime behaviour can shift beyond fixed approval paths, according to Ping Identity. The result is a widening gap between identity controls designed for static actors and agents that may act, chain tools, and access resources dynamically.
NHIMG editorial — based on content published by Ping Identity: Identity Fundamentals, IAM, and agentic AI considerations
By the numbers:
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface.
Questions worth separating out
Q: How should security teams govern authentication for AI agents and other non-human identities?
A: Security teams should treat authentication as only the entry point.
Q: Why do MFA and SSO not solve agentic AI identity risk on their own?
A: MFA and SSO confirm access at the moment of sign-in, but they do not constrain what a software actor can do after authentication.
Q: What do IAM teams get wrong about token-based access for software actors?
A: They often assume a valid token equals bounded trust.
Practitioner guidance
- Separate proof of identity from runtime authority Map which systems rely on authentication alone and add explicit authorisation boundaries for agent actions, especially where tokens, service credentials, or delegated sessions are reused across tools.
- Classify AI agents as governed non-human identities Assign each agent an owner, a purpose, a permission boundary, and a revocation path so the identity lifecycle can be managed with the same discipline used for service accounts and workload identities.
- Shorten token lifetimes and tighten audience scope Use the narrowest feasible token audience, reduce validity windows, and prevent broad federated tokens from carrying more authority than the agent needs for a single task.
What's in the full article
Ping Identity's full article covers the operational detail this post intentionally leaves for the source:
- A plain-language walkthrough of authentication methods across passwords, possession factors, inherence factors, certificates, and tokens.
- Examples of how SSO, OIDC, and federated identity change the access path for employees, partners, and customers.
- A closer look at how certificate-based and token-based authentication are used in real identity flows.
- The source article's own framing of agentic AI and runtime identity considerations for practitioners.
👉 Read Ping Identity's guide to authentication, SSO, and agentic AI identity →
Agentic AI authentication risk: are IAM controls keeping up?
Explore further
Authentication is necessary, but it is not a governance model for agentic AI. Authentication establishes that a subject is known, not that it will remain within a fixed decision path after login. Once the actor can select actions at runtime, static proof of identity becomes only the first checkpoint, not the control boundary. Practitioners should stop treating successful sign-on as evidence of trustworthy behaviour.
A few things that frame the scale:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to AI Agents: The New Attack Surface report.
- Another finding from the same research shows that only 44% of organisations have implemented policies to govern AI agents, despite 92% agreeing that governance is critical to enterprise security.
A question worth separating out:
Q: Who is accountable when an AI agent uses access in an unintended way?
A: Accountability should rest with the team that owns the actor, the permissions granted to it, and the systems that failed to constrain it. For AI agents, identity governance has to assign ownership before deployment and define offboarding before the runtime is allowed to act. Without that, the access path exists but accountability does not.
👉 Read our full editorial: IAM authentication controls are being stretched by agentic AI